Optical puf and optical reading of a security element

ABSTRACT

According to a first aspect of the present invention, there is provided a method of determining a unique identifier for a security element, the method comprising: optically reading the security element via a configurable optical filter system, a readable optical transmission property of the filter system varying with respect to a configuration of the filter system; the reading comprising determining data indicative of an optical property of the security element at a first configuration of the filter system, and determining data indicative of an optical property of the security element at a second, different, configuration of the filter system; and the unique identifier being determined from a map of the variation in determined data indicative of an optical property with respect to the configuration of the filter system, wherein the reading is undertaken for multiple locations across the security element at the or each configuration of the filter system, such that the map is a map of the variation in determined data indicative of an optical property across the security element with respect to the configuration of the filter system, and wherein the reading for multiple locations across the security element is undertaken in a single reading step, using a reader with a two-dimensional sensor.

The present invention relates generally to the optical reading of asecurity element, and in particular to related methods and systems fordetermining a unique identifier for such an optically read securityelement.

There is often a need to prove, or disprove, the authenticity of anobject or similar. For instance, this might be needed for securitypurposes, for example to allow or prevent access to certainfunctionality associated with the object, or simply to allow a user orconsumer of the object to be satisfied that they are using an authenticobject. It will be appreciated that such tests for authenticity find usein the fields of anti-counterfeiting, security and so on.

In order to be able to prove that an object is an authentic object, orin other words to authenticate an object, that object might be providedwith a unique identifier in one form or another. “Unique” might notnecessarily mean that it is impossible for another object to have thesame identifier, but instead that it is statistically highly unlikelyfor this to be the case, or in other words for the identifier to beaccidentally stumbled across by guesswork or simple trial and error.

A unique identifier might, for example, take the form of or be derivedfrom a physical (sometimes referred to as physically) unclonablefunction. This might be in the form of a device or other element, theproperties of which depend on small variations in construction orfabrication or similar, but which nevertheless can be used to provide aunique identifier. For instance, in a vast array of memory cells, acertain number of memory cells may be defective, and this number orarrangement of defective cells will be different for different arraysthat are produced. Thus, this is a simple example of a uniqueidentifier. Another example might be, for instance, a capacitance orresistance of an electrical component, based on the thickness of layerswithin that component, or the extent of those layers, and so on. Due totolerances in manufacturing, each component will likely have a slightlydifferent construction, and so a slightly different, and unique,electrical property.

Unique identifiers do not necessarily need to be based on electricalprinciples. For instance, physical unclonable functions may be probed orotherwise challenged optically in order to determine a uniqueidentifier. For instance, the way in which one or more optical emittersare provided on an object may, as above, yield an overall emissionspectrum or map which is unique, again providing a readable uniqueidentifier.

Traditionally, the generation of unique identifiers, and/or associateduse of physical unclonable functions, have been based on macroscopiceffects. More recently though, it has been proposed to incorporatequantum mechanical effects in the generation of unique identifiers. Inthese more recent examples, for instance, an electrical componentexhibiting quantum mechanical confinement (e.g. a resonant tunnelingdiode) may be used as a quantum mechanical based physical unclonablefunction. The electrical properties of such a device or structure, andthus the unique identifier, are based on quantum mechanical principles.Similarly, optical based physical unclonable functions may be based onthe emissions spectra of quantum dots, or 2-D materials, or similar,located on an object. In both cases, it may be extremely difficult, ifnot impossible, to be able to physically copy a security element (e.g.being or comprising a physical unclonable function) based on quantummechanical effects. This is to the extent that the unique identifierprovided by such an element may not be circumvented, and certainly notin any practical time frame.

Depending on the exact implementation, it might be relativelystraightforward to be able to determine (e.g. for the first time, orsubsequently, in order to cross-check) a unique identifier based onelectrical principles. However, the same cannot necessarily be said foroptical-based security elements, for example those security elementsthat are optically read in order to determine a unique identifier.Whilst it may be relatively easy to optically determine a uniqueidentifier in a laboratory environment, or a highly controlledenvironment, it will be very difficult, if not impossible, to be able toquickly, or easily, or cheaply do this in a more commercial environment,for example with a typical consumer-like device or a consumer-likeenvironment. Even if it is possible to determine a unique identifierusing a more commercial, end-user, device, current approaches orproposals for such use may not offer satisfactory levels of suchdetermination, or related cross-checking for authentication, or relatedsecurity functionality.

It is an example aim or example embodiments of the present invention toat least partially overcome or avoid one or more disadvantages of theprior art, whether identified herein or elsewhere, or to at leastprovide a viable alternative.

According to the present invention there are provided apparatus andmethods as set forth in the claims that follow. Other features of theinvention will be apparent from the dependent claims, and thedescription which follows.

According to a first aspect of the present invention, there is provideda method of determining a unique identifier for a security element, themethod comprising: optically reading the security element via aconfigurable optical filter system, a readable optical transmissionproperty of the filter system varying with respect to a configuration ofthe filter system; the reading comprising determining data indicative ofan optical property of the security element at a first configuration ofthe filter system, and determining data indicative of an opticalproperty of the security element at a second, different, configurationof the filter system; and the unique identifier being determined from amap of the variation in determined data indicative of an opticalproperty with respect to the configuration of the filter system, whereinthe reading is undertaken for multiple locations across the securityelement at the or each configuration of the filter system, such that themap is a map of the variation in determined data indicative of anoptical property across the security element with respect to theconfiguration of the filter system, and wherein the reading for multiplelocations across the security element is undertaken in a single readingstep, using a reader with a two-dimensional sensor.

The optical filter system might comprise an optical filter, a readableoptical transmission property of the filter varying with respect to anangle of orientation of the filter, such that the optical filter systemis configurable with respect to the angle of orientation of the filter.

The optical filter system might comprise a plurality of differentoptical filters, each filter having a different optical transmissionproperty, such that the optical filter system is configurable withrespect to which filter is used.

The optical filter system might comprise an optical filter, a readableoptical transmission property of the filter varying with respect to oneor more of a temperature of that filter, an electric field across thatfilter, or an applied driving frequency when the optical filter is anacousto-optic tuneable filter, such that the optical filter system isconfigurable with respect to which temperature, electric field, ordriving frequency is used.

Data indicative of an optical property of the security element mightcomprise one or more of: an actual optical property; and/or anelectromagnetic emission spectrum of at least a part of the securityelement; and/or a peak, trough, or point of inflection in anelectromagnetic emission spectrum of at least a part of the securityelement; and/or a physical location in relation to the security elementof an actual optical property; and/or a physical location of a peak,trough, or point of inflection in an electromagnetic emission spectrumof the security element in relation to the security element.

The security element might comprise one or more continuous or discretecomponents exhibiting quantum mechanical confinement, the or eachcomponent being capable of emitting electromagnetic radiation linked tothat quantum mechanical confinement, wherein the confinement of the oneor more continuous or discrete components optionally confines in one ormore of 3D, 2D, or 1D, or 0D.

The method may comprise causing the security element to emitelectromagnetic radiation, to facilitate the optical reading of thesecurity element, by one or more of: irradiating the security elementwith electromagnetic radiation; and/or irradiating the security elementwith electromagnetic radiation such that emission occurs by non-resonantphotoluminescence; and/or irradiating the security element withelectromagnetic radiation, wherein an irradiation wavelength isdifferent from an emission wavelength of the security element; and/orelectrical excitation.

One or both of the security element and/or optical filter system maycomprise, or be associated with, a designated feature, for use indetermining an angle of orientation of the reader with respect to thesecurity element and/or optical filter, wherein the designated featureoptionally comprises an alignment marker or a diffraction grating.

The optical filter system may comprise one or more of a band passfilter, an edge filter, a notch filter or a tuneable Bragg grating in afibre.

The optical transmission property may be a central transmissionwavelength or transmission band.

The reader may be a handheld, or wearable, mobile device.

The map, or a unique signature or identifier derived from the map, maybe stored in an (e.g. secure) location, for use in authentication of thesecurity element on a subsequent reading of that security element.

According to a second aspect of the present invention, there is provideda system for determining a unique identifier for a security element, thesystem comprising: a configurable optical filter system, an opticaltransmission property of the filter system varying with respect to aconfiguration of the filter system; an optical reader, for opticallyreading the security element via the optical filter system; the readingcomprising determining data indicative of an optical property of thesecurity element at a first configuration of the filter system, anddetermining data indicative of an optical property of the securityelement at a second, different, configuration of the filter system; andthe unique identifier being determined from a map of a variation indetermined data indicative of an optical property with respect to theconfiguration of the filter system, wherein the reader is arranged toundertake readings for multiple locations across the security element atthe or each configuration of the filter system, such that the map is amap of the variation in determined data indicative of an opticalproperty across the security element with respect to the configurationof the filter system, and wherein the reader comprises a two-dimensionalsensor for reading multiple locations across the security element in asingle reading step.

According to a third aspect of the present invention, there is provideda method of determining a unique identifier for a security element, themethod comprising: optically reading the security element via aconfigurable optical filter system, a readable optical transmissionproperty of the filter system varying with respect to a configuration ofthe filter system; the reading comprising determining data indicative ofan optical property of the security element at a first configuration ofthe filter system, and determining data indicative of an opticalproperty of the security element at a second, different, configurationof the filter system; and the unique identifier being determined from amap of the variation in determined data indicative of an opticalproperty with respect to the configuration of the filter system. Thatis, the reading across multiple locations, and/or the single readingwith a 2D sensor, as discussed in the first aspect, might not always berequired (although highly likely to be the case in a practicalimplementation).

According to a fourth aspect of the present invention, there is provideda system for determining a unique identifier for a security element, thesystem comprising: a configurable optical filter system, an opticaltransmission property of the filter system varying with respect to aconfiguration of the filter system; an optical reader, for opticallyreading the security element via the optical filter system; the readingcomprising determining data indicative of an optical property of thesecurity element at a first configuration of the filter system, anddetermining data indicative of an optical property of the securityelement at a second, different, configuration of the filter system; andthe unique identifier being determined from a map of a variation indetermined data indicative of an optical property with respect to theconfiguration of the filter system. That is, the reading across multiplelocations, and/or the single reading with a 2D sensor, as discussed inthe second aspect, might not always be required (although highly likelyto be the case in a practical implementation).

According to a fifth aspect of the present invention, there is provideda method of authenticating, comprising: optically reading a securityelement via a configurable optical filter system, a readable opticaltransmission property of the filter system varying with respect to aconfiguration of the filter system; the reading comprising determiningdata indicative of an optical property of the security element at aconfiguration of the filter system; and the authenticating furthercomprising comparing the determined data indicative of an opticalproperty with the unique identifier determined using the method of thefirst or third aspects, or the system of the second or fourth aspects.

According to a sixth aspect of the present invention, there is provideda system for authenticating, the system comprising: a configurableoptical filter system, a readable optical transmission property of thefilter system varying with respect to a configuration of the filtersystem; an optical reader, for optically reading a security element viathe optical filter system; the reading comprising determining dataindicative of an optical property of the security element at aconfiguration of the filter system; and the system being arranged tocompare the determined data indicative of an optical property with theunique identifier determined using the method of the first or thirdaspects, or the system of the second or fourth aspects.

According to a seventh aspect of the present invention, there isprovided a security element suitable for use in any of the precedingclaims, wherein the security element comprises: a first part, capable ofemitting electromagnetic radiation; a second part, comprising aconfigurable optical filter system, a readable optical transmissionproperty of the filter system varying with respect to a configuration ofthe filter system, the first part being readable via the second part.

According to an eighth aspect of the present invention, there isprovided a method of determining a unique identifier for a securityelement, the method comprising: optically reading the security elementvia a configurable optical filter system, a readable opticaltransmission property of the filter system varying with respect to aconfiguration of the filter system; the reading comprising determiningdata indicative of an optical property of the security element at afirst configuration of the filter system; and the unique identifierbeing determined from a map of the determined data indicative of anoptical property with respect to the configuration of the filter system,wherein the reading is undertaken for multiple locations across thesecurity element at the first configuration of the filter system, suchthat the map is a map of the determined data indicative of an opticalproperty across the security element with respect to the configurationof the filter system, and wherein the reading for multiple locationsacross the security element is undertaken in a single reading step,using a reader with a two-dimensional sensor.

According to a ninth aspect of the present invention, there is provideda system for determining a unique identifier for a security element, thesystem comprising: a configurable optical filter system, an opticaltransmission property of the filter system varying with respect to aconfiguration of the filter system; an optical reader, for opticallyreading the security element via the optical filter system; the readingcomprising determining data indicative of an optical property of thesecurity element at a first configuration of the filter system; and theunique identifier being determined from a map of the determined dataindicative of an optical property with respect to the configuration ofthe filter system, wherein the reader is arranged to undertake readingsfor multiple locations across the security element at the firstconfiguration of the filter system, such that the map is a map of thedetermined data indicative of an optical property across the securityelement with respect to the configuration of the filter system; andwherein the reader comprises a two-dimensional sensor for readingmultiple locations across the security element in a single reading step.

According to a tenth aspect of the present invention, there is provideda method of authenticating, comprising: optically reading a securityelement via a configurable optical filter system, a readable opticaltransmission property of the filter system varying with respect to aconfiguration of the filter system; the reading comprising determiningdata indicative of an optical property of the security element at aconfiguration of the filter system; and the authenticating furthercomprising comparing the determined data indicative of an opticalproperty with the unique identifier determined using the method of theeighth aspect, or using the system of the ninth aspect.

According to an eleventh aspect of the present invention, there isprovided a system for authenticating, the system comprising: aconfigurable optical filter system, a readable optical transmissionproperty of the filter system varying with respect to a configuration ofthe filter system; an optical reader, for optically reading a securityelement via the optical filter system; the reading comprisingdetermining data indicative of an optical property of the securityelement at a configuration of the filter system; and the system beingarranged to compare the determined data indicative of an opticalproperty with the unique identifier determined using the method of theeighth aspect, or using the system of the ninth aspect.

It will be appreciated that any one or more features described inrelation to any one particular aspect of the present invention may beused in place of, or in combination with, any one or more features ofanother aspect of the present invention, unless such combination orreplacement would be understood by the skilled person to be mutuallyexclusive, based on a reading of this disclosure. In particular, it willbe understood that any features described in relation to a method aspectof the present invention can be used in combination with any apparatusaspect of the present invention, and that any features described inrelation to an apparatus aspect of the present invention can be usedwith any method aspect of the present invention.

For a better understanding of the invention, and to show how embodimentsof the same may be carried into effect, reference will now be made, byway of example, to the accompanying diagrammatic Figures in which:

FIG. 1 schematically depicts the optical reading of a security elementaccording to a proposed system and method;

FIG. 2 schematically depicts optical reading of a security element viaan optical filter system according to an example embodiment;

FIG. 3 is a plot schematically depicting a variation in an opticaltransmission property of the optical filter system of FIG. 2, indifferent configurations of that optical filter system, according to anexample embodiment;

FIGS. 4 and 5 schematically depict different configurations of anoptical filter in terms of their angle of orientation relative to asecurity element and/or a reader;

FIG. 6 schematically depicts a series of optical readings of a securityelement taken via an optical filter system at different configurations;

FIGS. 7 to 9 schematically depict different ways of causing a securityelement to emit electromagnetic radiation according to exampleembodiments;

FIG. 10 schematically depicts a system and method for determining aunique identifier for a security element according to an exampleembodiment;

FIG. 11 schematically depicts a system and method for determining aunique identifier for a security element according to a differentexample embodiment;

FIG. 12 schematically depicts the creation of a map of a variation indetermined data indicative of an electrical property of a securityelement with respect to configurations of the optical filter system;

FIG. 13 schematically depicts principles associated with authenticatingof a security element according to example embodiments;

FIG. 14 is a flow chart depicting the determination of a uniqueidentifier of a security element, and a subsequent authentication of thesecurity element using that unique identifier;

FIG. 15 schematically depicts general methodology associated withexample embodiments;

FIG. 16 schematically depicts general principles associated with asystem according to example embodiments;

FIG. 17 schematically depicts different methodology associated withexample embodiments;

FIG. 18 schematically depicts general principles associated with asystem according to example embodiments; and

FIG. 19 schematically depicts a security element according to an exampleembodiment.

FIG. 1 schematically depicts a proposed system and method for opticallyreading a security element. The Figure shows the security element 10. Areader for reading the security element 10 is shown in the form of amobile device, in this case a mobile telephone 12. It has been proposedthat the security element 10 may be optically read via the mobiletelephone 12 by appropriate irradiation of the security element 10, forexample by way of a flash 14 provided by the mobile telephone 12, and anappropriate detection of emitted electromagnetic radiation from thesecurity element 10. In more detail, the security element 10 can be readby an appropriate sensor and related components of the mobile telephone12.

As with all examples described herein, the security element 10 maycomprise one or more components arranged to emit electromagneticradiation when appropriately stimulated. The components may be, forexample, quantum dots, quantum wires, flakes or layers of 2D material.The or each component may emit radiation at a single wavelength, or theor each component may emit radiation with different wavelengths, forexample corresponding to a variation in band gap of the or eachparticular component.

The reading of the security element 10 may comprise establishing atwo-dimensional (2D) map of how the security element 10 emits radiationacross the security element (e.g. across the length and width of thesecurity element). Typically, the one or more components that emitradiation will not be provided within the security element 10 in acontrolled, repeatable and consistent manner across different securityelements, but will instead be deposited in a random or deliberatelyuncontrolled manner. It is this deliberate lack of control which willallow the security element 10 to effectively function as a physicallyunclonable function, and/or to therefore provide a unique identifier(physically unclonable functions are normally employed in specific ways,and unique identification is perhaps a more general feature, function,or description). That is, the emitters will be distributed across theelement in a unique manner.

A read map may be compared in some way with a stored map, toauthenticate the security element 10.

The system and methodology shown in FIG. 1 may function satisfactorily.Indeed, it can be very difficult to easily replicate the precise layoutof the one or more components that emit electromagnetic radiation, tothe extent that it is very difficult to copy the unique identifierprovided by the security element. However, it is not impossible, andwith advances in technology it may be easier to overcome or circumventthe security that the unique identifier provides, since it may be easierto replicate that unique identifier. Also, the proposed methodology andsystem in FIG. 1 takes a single reading or snapshot of the emissionspectra or spectrum across the security element 10. Since only a singleimage or snapshot is used to determine the unique identifier, and likelywith a commercial end-user device, only a single unique identifier needsto be in some way copied, or replicated or circumvented in order toovercome the security that is provided. This is not just important inthe actual reading phase, but also when information for authenticationis transmitted to or from a reader, for example in order to authenticatethe security element via a database having a previously determinedidentifier stored therein, for use in the authentication.

It has been realised by the inventors of the present invention that oneor more problems associated with the sort of methodology and system asshown in FIG. 1 can be overcome in a relatively simple manner, but whichat the same time provides a vastly improved system and method fordetermining (e.g. initially, or subsequently for authentication) aunique identifier, and a related system and method for authenticationusing that unique identifier.

In particular, according to the present invention there is provided amethod of determining a unique identifier for a security element. Themethod comprises optically reading the security element by aconfigurable optical filter system, a readable optical transmissionproperty of the filter system varying with respect to the configurationof the filter system (e.g. the configuration being an inherentconfiguration of the filter system itself, or of the filter relative tothe security element or a reader of the element). The reading comprisesdetermining data indicative of an optical property of the securityelement at a first configuration of the filter system, and determiningdata indicative of an optical property of the security element in asecond, different configuration of the filter system. The uniqueidentifier is determined from a map (which includes the identifier beingthe map) of the variation in determined data indicative of an opticalproperty of the security element, with respect to the configuration ofthe filter system. In most practical implementations, it is most likelythat the reading is undertaken for multiple locations across thesecurity element at the or each configuration of the filter system, suchthat the map is a map of a variation in determined data indicative of anoptical property across the security element with respect to theconfiguration of the filter system. In most practical implementations,it is most likely that the reading for multiple locations across thesecurity element is undertaken in a single reading step, using a readerwith a 2D sensor.

The main, overall and general concept of the present invention isperhaps best shown in FIG. 2. FIG. 2 shows a security element 20, and amobile device 22 for use in reading that security element 20, forexample via the use of a flash 24 of the mobile device 22 for use inirradiating the security element 20. In these respects, the methodologyand system generally depicted in FIG. 2 is almost identical to thatshown in and described in reference to FIG. 1. The important differencewith FIG. 2, and thus the important feature defining the presentinvention, is the presence of a configurable optical filter system 26,via which the security element 20 is to be read by the mobile device 22.

The configurable optical filter system 26 allows the optical reading ofthe security element 20 to be undertaken at a plurality ofconfigurations of the configurable optical filter system 26. The opticaltransmission property of the filter system 26, either inherently orrelative to the mobile device 22 or element 20, are different for eachconfiguration. That is, different optical properties of the element arereadable at each configuration. This means that a far richer and morecomplex, and therefore harder to copy, map of emission wavelengths orenergies (or other optical property) from the security element 20 can bevery easily obtained, and used in the determination of a uniqueidentifier for the security element 20.

The optical filter system 26 may be configurable in any one of a numberof ways in order to ensure that a readable optical transmission propertyof the filter system varies with respect to the particularconfiguration. For example, the filter system 26 can be configured tohave different transmission properties with respect to the polarisationof emitted radiation. In another example, the filter system 26 may beconfigurable to vary the intensity of transmitted electromagneticradiation. However, it is considered that the most effective filtersystem for the purposed of example embodiments will be one which isconfigurable with respect to the variation in transmittedelectromagnetic wavelengths or energies. This will allow the filtersystem to be used to selectively discriminate between emitters ofdifferent wavelengths forming part of a security element, such thatdifferent configurations of the filter system can be used to detect thepresence or absence of certain emission wavelengths or energies from oneor more components of the security element.

The filtering by wavelength is particularly useful when the securityelement comprises one or more continuous or discrete componentsexhibiting quantum mechanical confinement, the or each component beingcapable of emitting electromagnetic radiation linked to the quantummechanical confinement. Preferably, the confinement of the one or morecontinuous or discrete components confines in one or more of 3D, 2D, 1Dor 0D. The security element will preferably have a mixture of suchcomponents and related confinements. In other words, the one or morecomponents forming the security element preferably emits radiation atmore than one different wavelength or energy, and/or has or havedifferent emission spectra. For example, components exhibiting 3Dquantum mechanical confinement might give a generally flat backgroundemission spectra. 2D confinement might give a broad, sloping background,or perhaps a broad peak. 1D confinement would exhibit narrower peaks inemission energy. 0D confinement would exhibit very sharp peaks inemission spectra. Combinations of one or more degrees of confinementwould lead to particularly complex emissions spectra, lending itself tofiltration by wavelength, and unique identifiers being based on suchfiltration. That is, at one configuration an emitter, or its emission,might not be readable, while it can be read at another angle. Differentportions of the different emission spectra can be taken advantage of atdifferent configurations. For example, when read with the system used inFIG. 1, a single snapshot or reading might not be able to pick up thesubtleties in the different natures of emission spectra, and inparticular, when these emission spectra are linked to the particularcharacteristic spectra associated with particular degrees of quantummechanical confinement. However, and in contrast, the present inventiontakes advantage of this different spectra in a powerful manner, sincechanging the configuration of the optical filter system, and undertakingoptical readings of the security element at these differentconfigurations, will allow these different emission energies and spectrato be detected or otherwise discriminated, providing a much richer mapof emission energies with respect to the different configurations of theoptical filter system. This will allow a unique identifier to bedetermined which is far harder to replicate of circumvent.

The optical filter system may be changed from one configuration toanother, different, configuration in any appropriate manner. This might,of course, depend on the actual inherent nature or mechanics of theoptical filter system, or the nature of emission that is being filteredfor.

In a basic example, the optical filter system might simply comprise of aplurality of different optical filters, each filter having a differentoptical transmission property, such that the optical filter system isconfigurable with respect to which filter of the plurality is used. Thedifferent filters could have different polarisations, or transmissionbands. This might be a relatively cheap and simple way of implementing afilter system, since there is no absolute requirement for complexcontrol of the filter system, for example using associated electronicsor control circuitry. A potential drawback is that a number of opticalfilters are required, which while relatively easy to achieve in alaboratory, manufacturing or test environment, might be far harder toachieve for an end-user, or consumer, or similar.

Other implementations are, of course, possible. For instance, theoptical filter system might comprise an optical filter, an opticaltransmission property (e.g. transmission band) of the filter systemvarying with respect to one or more of a temperature of that filter, anelectric field across that filter, or an applied driving frequency whenthe optical filter is an acousto-optic tuneable filter, such that theoptical filter is configurable with respect to which temperature,electric field, or driving frequency is used. For instance, thetemperature of, or electric field across, a filter might affect itsdimensions or optical properties (e.g. a configuration of multilayers,or the birefringence), such that different configurations can beachieved. These sorts of optical systems might be more readily tuneablethan the use of multiple filters described previously. However, at thesame time, such a tuneable filter or associated driving circuitry orsimilar might add to cost or complexity in comparison with the use of anumber of relatively simple, different, optical filters.

A perhaps ideal implementation would be a system which has thetuneability described above, but also the simplicity described above. Agood example of such a system is one which comprises an optical filter,an optical transmission property of the filter varying with respect toan angle of orientation of the filter, such that the optical filtersystem is configurable with respect to the angle of orientation of thefilter. This approach is very simple, in that only a single opticalfilter is required either at the manufacturing or test stage, or at theend-user or consumer stage. Also, complex control or driver electronicsare not required. There simply needs to be a way of implementingdifferent orientations of the filter relative to the reader or securityelement to achieve the different configurations. This could amount to auser tilting the filter or reader, or rotating the filter or reader. So,tuneability and simplicity are achieved. The filter need only havetransmission properties that vary with respect to the relativeorientation, for example by way of a multilayer structure (for tilting)or a property (e.g. thickness or configuration of layers) that variesacross the filter (for rotation).

On the basis of the above, a perhaps ideal implementation of opticalfilter system configurable by way of the relative orientation of thefilter of that system will now be described in more detail. However, itwill be appreciated that general principles will apply to anyconfigurable optical filter system.

FIG. 3 schematically depicts a plot 30, showing transmission propertiesof an optical filter, in this case a band pass filter. A centretransmission wavelength of the filter is shown as the angle of incidenceof the filter with respect to the emission source (or, indeed, angle ofreading by a reader) is varied. Similarly, the full width at halfmaximum (FWHM) bandwidth of the filter is also shown as the angle isvaried.

It can be seen from FIG. 3 that the FWHM bandwidth remains substantiallyconstant, irrespective of the angle of orientation. However, and mostimportantly, it can be seen that the centre transmission wavelengthvaries quite considerably as the angle of orientation is varied. So, inthis example, it can be seen that when the emission wavelengths areincident or read perpendicularly with respect to the filter (zerodegrees as shown in the plot) the centre wavelength is 550 nm. As theangle is varied, it can be seen that the centre wavelength decreases toaround 485 nm when the angle is 60 degrees, and that there is continualvariation in the centre wavelength between these two extremes shown inthe plot 30. It is this variation in the centre wavelength of the filterwhich allows for the selection and discrimination of different emissionwavelengths and energies as alluded to above, which can lead to arelatively simple way of vastly increasing the complexity of the mapderived from the security element, and the associated security providedby the unique identifier derived from that map. This is because a mapcan be created that does not just comprise emission energies andintensities across the security element, but instead emission energiesand intensities (or similar, e.g. related data of peak or troughs)across the security element with variation based on orientation.

Again, and to reiterate the point, while FIG. 3 shows a situation ofvarying the angle of incidence or reading of emitted radiation withrespect to a band pass filter, the same general principle shown in FIG.3 would apply to the other optical filter system implementationsdescribed above, for example the use of different filters with differenttransmission properties, or the heating of a filter, or the changing ofan electric field across that filter, or the changing of the drivingfrequency of an acousto-optic filter. Again, the advantage is that a mapcan be created that does not just comprise emission energies andintensities across the security element, but instead emission energiesand intensities (or similar, e.g. related data of peak or troughs)across the security element with variation based on configuration of thefilter.

FIGS. 4 and 5 schematically depict how the angle of orientation of afilter can be changed with respect to emitted electromagnetic radiation.The same principles apply to changing angles at which the radiation isread by a reader.

FIG. 4 shows that a band pass filter 40 may be tilted 42 with respect toa general direction of incoming emitted electronic radiation 44. Opticalpath lengths within the filter 40 will be altered as a result, changingthe optical transmission properties of the filter 42.

FIG. 5 shows how a band pass filter 50 with a wedge shape (or, moregenerally, a transmission property that varies across the filter 50) maybe orientated, or re-orientated, by rotating 52 the filter 50 about alongitudinal axis along which emitted electromagnetic radiation 54generally propagates. Optical path lengths, or paths in general, withinthe filter 50 will be altered as a result, changing the opticaltransmission properties of the filter 50.

In one example, an interference filter has alternating layers ofdifferent refractive index. In a normal filter these layers would be offixed width/thickness with respect to distance along or across thefilter, and in a wedge-shaped filter such as in FIG. 5 one or moreindividual layer thicknesses could also be wedges. That is, there mightnot be more layers as a function of position—the layers could have adifferent thickness with respect to position.

As might already be appreciated in the plot in FIG. 3, thediscrimination between different emission energies, or in other wordsthe reading of the security element at different configurations, canreveal quite startlingly different outputs, and ones which are readilydetectable by a consumer level mobile device, such as a hand held deviceor wearable device (e.g. generally portable device) comprising a 2Doptical sensor. A typical device might be a mobile telephone, or tablet.FIG. 6 demonstrates just how varied the readings can be.

FIG. 6 schematically depicts a series of optical readings 60 taken of asecurity element. This series progressively shows the variation inorientation of a band pass filter via which the security element is readwith respect to radiation emitted by the security element. The seriesshows six images, taken in five degree increments away from normal(perpendicular) incidence of the emitted radiation onto and through thefilter. In accordance with the plot shown in FIG. 3, mapped on to theactual readings shown in FIG. 6, it will be appreciated that each imageshown in the series 60 reads or otherwise discriminates or filters foremitters or emissions at different wavelengths, ranging fromapproximately 550 nm at normal incidence (0 degrees) up to around 535 nmat 25 degrees (away from the normal).

Using the system of FIG. 1, where no deliberate/external filter is used(and certainly no re-configuration of any optical system is used) onlyone of the readings shown in FIG. 6 would ever be undertaken, and likelynot with a optical band pass or notch or other filter, but simplyreading across all visible wavelengths at any one time. Again, while theresulting reading, and underlying distribution of emitters might bequite difficult to copy, it is not impossible. In contrast, the series60 in FIG. 6 shows that the readings and associated mapping of emissionenergies may be vastly more improved, and security provided more complexto overcome, by use of the configurable optical filter system asdescribed above. Quite simply, the use of the optical filter systemallows for the discrimination of different emission spectra or differenttypes of emitters, whereas the proposed proposal of FIG. 1 does not.Again, the advantage is that a map can be created that does not justcomprise emission energies and intensities across the security elementfrom a single reading, but instead emission energies and intensities (orsimilar, e.g. related data of peak or troughs) across the securityelement with variation based on configuration of the filter.

More detailed implementations of the present invention are now discussedand described, and some more general principles associated with systemsand methods are also provided. Some of those principles may beinterchanged and/or replaced with one another, as will be understood bythe skilled person.

FIG. 7 shows a security element 70 and a mobile device 72 for use inoptically reading that security element 70. The security element 70 isread via an optical filter system 74. In this implementation,methodology might comprise causing the security element 70 to emitelectromagnetic radiation via a light source, optionally a broadbandlight source 76 provided by the mobile device 72, for example a flash orother light source of the mobile device 72. In response to beingirradiated with the light 76 from the mobile device 72, the securityelement 70 may emit radiation 78 back towards the mobile device 72, tobe read via the optical filter system 74. In order to reconfigure thereading via the optical filter system 74, the optical filter system 74may be orientated or re-orientated as described above, and/or the device72 can be orientated or re-orientated as described above.

FIG. 8 shows another security element 80 and another mobile device 82.In this example, the security element 80 can be caused to emitelectromagnetic radiation via irradiation by a secondary light source84, not forming part of the mobile device 82. The source 84 might formpart of the element 84, or object to which the element 80 is attached,or be external to the element 80. Again, the mobile device 82 may readradiation that is emitted 86 by the security element 80 via an opticalfilter system 88. In this example, the optical filter system 88 may notbe freely located in-between the mobile device 82 and the securityelement 80, but may cover or even form part of the security element 80.The optical filter system 88 may then be reconfigured by appropriatereorientation of the security element 80 on which the filter 88 islocated, or of which the security filter 88 forms a part, or viaorientation or reorientation of the mobile device 82. This latter optionis still to be understood as a configuration or reconfiguration of thefilter system 88 relative to the reader 82, since the filter is beingoptically read or inspected at a different angle via the orientation orreorientation, as described above.

FIG. 9 shows another security element 90 to be optically read by anothermobile device 92. In this example, the security element 90 can be causedto emit electromagnetic radiation via electrical excitation 94. Emittedradiation 96 may be read via the mobile device 92 after the radiation 96has passed through an optical filter system 98. Much as with the systemand methodology shown in FIG. 8, the optical filter system can bereconfigured by simply re-orientating the mobile device 92 or thesecurity element 90 such that the filter 98 is orientated at differentangles with respect to the reader 92 to achieve different readableconfigurations.

Generally speaking, a security element can be caused to emitelectromagnetic radiation in whichever way is suitable, for example,depending on how the security element emits radiation, or the physicalmechanism by which one or more components of the security elements maybe caused to emit radiation, or depending on the implementation of theelement in conjunction with an object to be authenticated (e.g. theavailability of an external light source or electrical power supply).Generally speaking, causing the security element to emit radiation mightgenerally involve irradiating the security element with electromagneticradiation, or via some form of electrical excitation of the securityelement or components thereof. Irradiating the security element withelectromagnetic radiation may be undertaken in such a way that emissionoccurs by non-resonant photoluminescence, such that it is easier todistinguish the emitted radiation from the radiation used to excite orstimulate the security element. More generally speaking, the irradiationof the security element may be such that an irradiation wavelength isdifferent from an emission wavelength of the security element, again, inorder to make it easier to distinguish excitation radiation fromemission radiation.

FIG. 10 schematically depicts a more detailed exemplary embodiment ofthe invention for determining a unique identifier for a securityelement. FIG. 10 shows that the system comprises a substrate or otherobject 100 onto which the security element described above has beenprovided. An electromagnetic radiation source 104 is used to irradiate106 the security element 102. An optical reader 108 is used to opticallyread or inspect the emission from the security element 102 via anoptical filter system 110. An initial reading might be undertaken whenthe optical reading or inspection is undertaken normally(perpendicularly) 112 with respect to both the filter system 110 andsecurity element 102. From this reading across multiple locations of thesecurity element 102 (e.g. taken in a single step with a 2D sensor orsimilar) a map 114 (e.g. a spectrum or similar) of emission energy(wavelength) versus intensity at this first angle 112 is established.

Then, the process is repeated when the filter system 110 is orientatedat a second angle 116, in order to establish a second map 118 at thissecond angle 116. The method may continue at a third angle 120 toestablish a third map 122 at that third angle 120, and so on. Asdiscussed below, the maps at each angle may be combined into an overallmap of how the emission energies vary across the element 102, and withvariation in orientation of the filter system 110.

In a laboratory, manufacturing or testing environment, the angle oforientation of the filter 110 with respect to the reader 108 and/or withrespect to the security element 102 can be controlled in a number ofdifferent ways. It might be quite straightforward to fix the orientationof the reader 108 and the security element 102, and to vary the angle ofthe filter 110 by using a step or servo motor, or some other easilycontrollable holder or driver. As discussed in more detail below, one ormore designated features may be used to determine, at least partiallyoptically, the relative orientation between the elements of the system,in order to establish which angle or angles are involved in the readingphase of the method, and/or to correct for that angle when establishinga map.

In a laboratory, manufacturing, or testing environment, there may be agreater degree of control of the components of the system, and/or theassociated quality of those components in terms of sensitivities,resolutions, and so on. These may be used to establish a master or highquality map for use in establishing one or more unique identifiers forthe security element, for future reference when that same securityelement is to be used in some form of identification process. Theidentifier might be the map, or a part thereof, for example the locationof one or more peaks, troughs, points of inflection, or so on, at one ormore angles, in measured spectra. These could be absolute measuredvalues, or indicative values, for example the 2D location of the peaksor troughs, or the number of peaks or troughs at a given angle, ornumber of angles. The unique identifier may depend on the nature andlevel of security that is required.

FIG. 11 depicts a slightly different methodology to that shown withreference to FIG. 10, where in FIG. 11 the orientation of a reader ischanged with respect to the security element and associated filtersystem.

FIG. 11 shows a substrate or other object 130 onto which is placed orotherwise located a security element 132. In this Figure, a filtersystem 134 is located on top of the security element 132, and may evenform a part of that security element 132 in some form of composite orlaminate structure or similar. Again, an electromagnetic radiationsource 136 is used to irradiate 138 the security element 132. In thiscase the irradiation also takes place via the filter 134. A reader 140is provided for reading the security element 132, optionally via abroadband filter 142 which may be used to reduce noise or similar. Areading may initially be undertaken at a first angle 144, where thereading is undertaken normally (perpendicularly) with respect to thefilter 134 and element 132.

As with the system shown in FIG. 10, the angle of orientation of thefilter 134 with respect to the reader 140 is controllable by one or moreappropriate servo or stepper motors or other drivers or controllers. Theelement-filter 132, 134 combination could be oriented as required,and/or the reader 140 could be oriented as required. However, it mightbe simpler, easier or simply more convenient and more flexible to avoidthe need for such control, and to instead actively determine the angleof orientation 144 via analysis of a designated feature 148 associatedwith one or both of the filter 134 and/or security element 132. Forinstance, this might be a dedicated alignment marker, the relativeorientation or distortion of which can be used to determine the angle orangles of orientation of the marker 148 and thus the filter 134 and/orsecurity element 132 relative to the reader 140. A reflective orholographic grating could alternatively or additionally be used, theproperties of radiation emitted or otherwise reflected or similar by thegrating being used in determining the angles of orientation. Adesignated feature might be a designated alignment marker that iscompletely separate to any other component, functional or otherwise, ofthe security element 132 or overlying filter 134. Alternatively oradditionally, the designated feature might be part of a label providedon the filter 134 or security feature 132 or somehow associatedtherewith. For instance, the security element 132 might be provided withor be otherwise associated with a brand name or a label, or similar, andone or more features of that brand name or label or logo can be used todetermine the orientation of the filter 134 or security element 132based on determined distortion orientation or similar of that designatedfeature. Any marker from which angle variation can be determined may beused. The angle calculated might also be used to correct for distortionin the read shape or map of the element.

Although finding advantageous use in the present invention, in terms ofthe freedom that such a feature might provide for use in determiningdegrees or angles of orientation, further detail on such markers are notprovided herein, since such used and related processing is already knownin fields such as those detailing or relating to QR codes and similar.

The reading, in combination with the determination of the angle, is usedto determine a map 150 (e.g. a spectrum) of emission energies versusintensities at that first angle 144.

Further maps 152, 154 may then be established at different orientationangles 156, 158, the determination of those different angles beingpossible via the calculation of the degree of distortion 160 of thedesignated feature 148 as already described above.

FIG. 12 shows how a number of different maps 170 obtained relative tospecific orientations of the filter system (e.g. those shown withreference to FIG. 10 or 11), may be combined into an overall map 172 ofemission energy (wavelength) versus intensity at different positions orlocations across the security element, and at different angles ofreading relative to the filter system/different angles of the filtersystem.

The same Figure shows a grid or array 174 which might reflect, beindicative of, or actually equate to an array of pixels in a 2D sensoryarray—e.g. that used to read the maps 170. This might also be anotherway of visualising a map 172. For a particular pixel, group of pixels,or map point 176, a plot 180 is shown which represents how the emissionenergy (wavelength) versus intensity varies at different orientationangles of the filter 182 for the location in the map (and thus locationof the security element). It will be appreciated that the width of eachenergy band at each orientation angle corresponds to the bandwidth ornotch or pass wavelength or wavelengths of the filter system at thatparticular angle of orientation. This principle can be used in a numberof different ways, for instance using a very narrow band pass filter ata large number of different orientations to build up a continuous energyspectrum as shown on plot 180, or to determine the emission spectra atdiscrete points. A broader or wider transmission band might not resolvethe emission spectrum in as much detail, but could nevertheless still beuseful.

It will be appreciated that the actual measured data could be the uniqueidentifier that is drawn from the map, for example the spectrum at aparticular location and at a particular orientation angle of the filtersystem, or similar. Perhaps more generally, the read or determined datamight generally be described as being indicative of an optical propertyof the security element. It may be indicative in that it might be anactual optical property of the security element, for example aparticular wavelength of intensity at that wavelength or energy orsimilar. Alternatively or additionally, the data indicative of theoptical property might be one or more portions of an emittedelectromagnetic spectrum of at least a part of the security element.Alternatively or additionally, the data indicative of an opticalproperty might be a peak, trough, or point of inflection in anelectromagnetic emission spectrum or at least a part of the securityelement. Alternatively or additionally, the data may be even morerepresentative, and for example be or equate to a physical location inrelation to the security element of an actual optical property, or aphysical location of a peak, trough, or point of inflection in anelectromagnetic emission spectrum of the security element in relation tothe security element. The unique identifier could be the number of peaksat a certain angle, or the number of troughs. Generally, then, the datacould be actual data of one or more read features, or representativedata, such as a location or count of such features. Features could beread values that do, or do not, exceed a certain value, or which equateto a certain value. That is, the data that is read or obtained or usedto provide the unique identifier could be actual absolute measuredvalues, or could be something that is derived from such measured values.Any and all of this can be used to provide a unique identifier, since,as described above, each mapping will be unique to the type and natureof emitters and associated emissions of components forming the securityelement.

The maps 170, 172 shown in and described with reference to FIG. 12 maybe stored in an online database, or some other storage medium, so thatthe database and the maps within can be later accessed for use whensubsequently authenticating the security element, for example when thesecurity element is in use and being used to label or identify orotherwise secure an object which the security element is attached orsimilar. The maps may be stored in a secure location, so that access tothe maps is restricted.

Once the map of emission energy and intensity as a function oforientation angle of the filter is established (or at least a portion isestablished), this map can then subsequently be used to authenticate thesecurity element, during a subsequent reading of the security element.Briefly, if a reading of a security element does not reveal a uniqueidentity derived from an already determined map that is present in thedatabase, or match a particular entry in the database, then the securityelement might not be deemed as authentic.

The reading of the security element for authenticating purposes might bemuch the same as already described above in relation to previous methodsand systems. The difference when authenticating is that there willalready be a pre-established or determined map to compare newly readdata with.

When it comes to authenticating a security element, a request or relatedinformation from a database (or controlling software) might be sent to aconsumer or end-user, or their reader, for undertaking theauthentication. This might, of course, be largely transparent to theuser. The user might simply be asked to point the camera of the mobiledevice at a security element at a particular angle, or range of angles,for example taken in the form of a short video, series of photos orsimilar. The user might simply be asked to point the camera of themobile device, and the or any reading at the angle of reading thencompared with the mapping in the database. That is, the user might notactually be asked to use a particular reading angle. Instead, this mightbe left to chance or choice of the user. The user might not be aware ofthe mechanisms underpinning the authentication described herein.

In a related example, data from a database representing entries in themap might not need to be sent to the reader of the end-user or consumer.Instead, when authentication is required, the reader of the end-user orconsumer might be internally or externally prompted to simply undertakethe above methodology for determining optical properties of the securityelement at a range of angles, or at a particular angle. Once this hasbeen undertaken as described above, this data could then be anonymisedand sent back to the database or controlling software for comparisonwith entries within that database. If these entries match, the databasemight simply provide identifying location signal or message back to theuser or consumer.

In a related example, the database might send a unique identifier from astored map, and this is simply looked for at the reader end. Forexample, the database might send data indicating that X peaks areexpected at angle A, Y peaks are expected at angle B, and Z peaks areexpected at angle C, and so on. If one reading matches one of theseidentifiers, the element may be deemed authentic. Alternatively oradditionally, something like a hash function could also be used toabbreviate and/or anonymise the (more complex) map

The mapping across different configurations might allow for tiered ormore robust security. For example, the unique identifier might be basedon features across or within a map at a given angle, and/or across orbetween angles. In a crude and random example, the unique identifiermight be based on there being a peak A at location B and angle C, andthere being D peaks at angle E, and there being a change in number ofpeaks from F to G with a change in angle from H to I. Again, the poweris in the mapping being across different angles (configurations), togive a very rich map for possible unique identifier determination.

In one example, FIG. 13 shows how some sort of request may be made orprompted for an end-user to optically read the security element foridentification purposes at a subset of angles 200, 202, which willcorrespond to probing different parts of the (previously mapped)emission spectrum 204. At one or both of these angles 200, 202, theremay be a unique map of optical properties across the security element,and this read by a 2D sensor of the reader as shown by an array or map206. Black dots in that array 206 may indicate where, at a particularangle 200, 202 or even a combination of those angles 200, 202, aparticular optical feature is present. As discussed above, this may bean absolute measured value of the optical feature, or could be simplythe location of an emission peak, and emission trough, a plateau, apoint of reflection, or similar.

The entire measured data set could then be transmitted to a database 210or controlling software, which stores the mapped optical propertiesmeasured previously at the different angles, described above.Alternatively, only particular data may be transmitted, for example thephysical location of the particular optical features as discussed above,for example the location of peaks, troughs, points of inflection and soon. This latter example might reduce an amount of data that needs to begenerated and/or received. For example, it might be far simpler, easyand quicker to transmit the pixel locations, map locations, or physicallocations, (all of which are related to one another) where peaks aredetected, than it would be to transmit the entire spectrum across thesecurity element for the different measured angles. Or, the hash (orsimilar) of this data, could be transmitted, as discussed below.

FIG. 14 schematically depicts methodology for optically reading andverifying a unique identifier associated with the security element.Initially, a user chooses or is instructed to choose a random subset ofangles for which optical measurement is to take place 220.

Depending on the setup, the user may choose how the measurements are tobe undertaken, or be forced by availability of hardware into aparticular choice 222. That is, the user may be able to vary theorientation angle between a reader of a security element, and the filterthat is attached to or provided with the security element, or may beable to independently vary the angle of the filter that is moveableseparately to one or both of the security element and/or reader, ordescribed above.

The optical reading then takes place at the different angles 224.

Once obtained, output data may be anonymised into, for example, a 1D keywith an appropriate algorithm (for example a hash function or similar)226.

This data may then be corrected for environmental noise and otherfactors, for example using a fuzzy extractor or similar 228.

The user (which includes the reader used by the user) will then announcethe angles and possibly band pass filter that were used for themeasurement 230. “Announce” does not necessarily mean that the user hasto actually calculate and be aware of the angles and/or band pass filterthat has been used. This is likely to all happen in the background,largely transparent to the user. The angles can be determined asdiscussed above. The type of band pass filter could be known in advance,or optically read via a marker or similar on the band pass filter. Itmight even be possible to determine the type or nature of band passfilter on-the-fly, e.g. to determine the characteristics of the bandpass filter from the measurements that have been taken. It might bepossible for the read data to still be useable in some way forcomparison with predetermined maps, without knowing exact details of thefilter used in the reading. For example, even if intensities aredifferent, there might always be an emission peak at wavelength X, ingeneral location Y, and angle Z, and so on. This sort of coarse datamight still be useful in determining a unique identifier.

The information is then transmitted to the database which automaticallyselects the data that is needed for comparison with the measured data,for example based on the announced angles 232.

The calculated data is then put into a similar algorithm (e.g. hashfunction) as used to minimise the measured data, to create a similar 1Dkey 234.

The two extracted 1D keys are then compared to one another, and if theyagree then the security element is verified as being authentic 236.

Error margins may vary depending on the security requirements, forexample with perhaps larger error margins being allowed for less robustsecurity requirements, and being tighter for more secure environments.Hash functions generally don't allow for margins of error—if input datais changed even slightly then the output should be randomly different.Error correction therefore likely has to be done prior to hashing, bysome form of smoothing, or approximating of the data. Anotherpossibility is sending information about features/sections of thesecurity element (e.g. the map data or unique identifier data) hashedseparately, and authenticating based on partial success, e.g. one of thehashes passing a comparison test or similar.

FIG. 15 depicts perhaps more general methodology for determining anidentifier for a security element.

The method comprises optically reading the security element via aconfigurable optical filter system, a readable optical transmissionproperty of the filter system 240 varying with respect of theconfiguration of the system.

The reading comprises determining data indicative of an optical propertyof the security element at a first configuration of the system, anddetermining data indicative of an optical property of the securityelement at a second, different configuration of the system 242.

The unique identifier is determined from a map of the variation indetermined data indicative of a property in respect to the configurationof the filter system 244.

In all practical likelihood, the reading will be undertaken for multiplelocations across the security element at the or each configuration ofthe filter system, such that the map is a map of the variation indetermined data indicative of the optical property across the securityelement with respect to the configuration of the filter system 246.

In all practical likelihood, the reading for multiple locations of thesecurity element is likely to be undertaken in a single reading step,using a reader with a 2D sensor 248.

FIG. 16 depicts a general system for determining the unique identifierfor a security element 250. The system comprises a configurable opticalfilter system 252, a readable optical transmission property of thefilter system 252 varying with respect to configuration of the filtersystem 252. The overall system also comprises an optical reader 254, foroptically reading the security element 250 via the optical filter system254. The reading comprises determining data indicative of an opticalproperty of the security element 250 at a first configuration of thefilter system 252, and determining data indicative of an opticalproperty of the security element 250 at a second, differentconfiguration of the filter system 252. The unique identifier isdetermined from a map of variation in determined data indicative of anoptical property with respect to the configuration of the filter system252.

Although, strictly speaking, not essential, in practice the reader 254is highly likely to be arranged to undertake readings from multiplelocations across the security element 250 at the or each configurationof the filter system 252, such that the map is a map of the variation indetermined data indicative of an optical property across the securityelement 250 with respect to the configuration of the optical system 252.

Again, although not essential, in practice it is highly likely that thereader 254 will comprise a 2D sensor 256 for reading multiple locationsacross the security element 250 in a single reading step.

In other words, in another embodiment it may not be necessary to readacross multiple locations, and/or undertake such readings in a singlestep. For example, reading at one or more discrete locations might besatisfactory, for example at one or more particular locations of thesecurity element. The readings could be undertaken at one or more, butnot all, locations at a time. A one dimensional sensor may besatisfactory, for example reading across or along a line (e.g. row orcolumn or diagonal) of locations of the security element, as opposed toacross the element in two dimensions. A sensor that can only read asingle location may also be satisfactory, even if used on multipleoccasions to take readings across the element. A two-dimensional sensormay simply be more effective and efficient for taking multiple readingsacross the element, and is the sort of sensor typically found in mobiledevices as described herein. That is, specialist equipment is notrequired.

FIG. 17 schematically depicts a general method of authenticating. Themethod comprises optically reading a security element via a configurableoptical filter system, a readable optical transmission property of theoptical system varying with respect to a configuration of the filtersystem 260.

The reading comprises determining data indicative of an optical propertyof the security element at the configuration of the filter system 262.

The authenticating further comprises comparing 264 determined dataindicative of an optical property with the unique identifier determinedusing the method or system of FIG. 15 or 16. The determined data mayitself be a unique identifier, such that the unique identifier read atthe authentication stage is compared with a previously determined uniqueidentifier.

Related to the method of FIG. 17 is a general authentication orauthenticating system, as shown in FIG. 18. The system comprises aconfigurable optical filter system 270, a readable optical transmissionproperty of the filter system varying with respect to a configuration ofthat filter system 270. An optical reader 272 is also provided, foroptically reading a security element 274 via the optical filter system270.

The reading comprises determining data indicative of optical property ofthe security element at a configuration of the filter system 270. Theoverall system is arranged to compare the determined data indicative ofan optical property with the unique identifier determined using themethod or system of FIG. 15 or 16.

Again, although not essential, in practice it is highly likely that thereader 274 will comprise a 2D sensor 276 for reading multiple locationsacross the security element 270 in a single reading step.

FIG. 19 schematically depicts a security element for use in accordancewith the methods and systems described above. The security elementcomprises a first part 280 suitable for emitting electromagneticradiation, as described above. For instance, the first part 280 maycomprise one or more continuous or discrete components, particularly inthe form of one or more continuous or discrete components capable ofemitting electromagnetic radiation as a result of, or associated with,quantum mechanical confinement exhibited by those one or morecomponents.

The security element also comprises a second part, in the form of anoptical filter system 282, a readable optical transmission property ofthe filter system 282 varying in respect to a configuration of thefilter system (e.g. inherently, or relative to a reader of the securityelement). The first part 280 is readable via the second part 282. Thefirst part 280 may be attached to or form part of an object 284. Theobject 284 might be part of the security element, for example asubstrate or support for the first part 280, or might be a separateobject, to which the security element is attached for use inauthentication.

It has been discussed above how the invention is based on opticallyreading the security element via a configurable optical filter system, areadable optical transmission property of the filter system varying withrespect to a configuration of the filter system. This, of course, coversthe filter being orientated with respect to the reader, but alsoincludes the reader being oriented with respect to the filter. In eitherexample, a readable optical transmission property of the filter systemvaries with respect to a configuration of the filter system—i.e. itsangle relative to the reader.

It might be useful, and easier, to use the same sort of filter whendetermining the map or identifier for the first time (e.g. in alaboratory, factory, or test environment), as when undertaking theauthenticating the security element at some later time. However, thismight not be possible or practical. So, the initial determination of themap or identifier might be undertaken for more than one filter, toestablish a number of different possible maps, or offsets for a give mapfor each filter. When one of these filters is then used in anauthentication process, it will still be possible to correlate themeasurement for authentication with the measurement for the initialdetermination. Indeed, it might even be possible to not know what filteris being used, and still be able to determine if the security element isauthentic from relative changes optical properties at different angles,even if undertaken in a coarse (and perhaps less secure) manner. Forexample, the presence of peaks in a general location at one angle, andthen at a general location at another angle, might be enough forauthentication purposed. However, knowing the type or nature of filterwill allow for a far more secure process, since more useful informationcan be obtained and processed. It might well be that the properties ofthe filter could be obtained from an incidental background reading usingambient light, or a via a deliberate calibration step.

The filter system described above is something of a deliberate filtersystem, where a dedicated filter has been used to obtain the requiredmeasurements. That is, the filter system is separate from the device, oradded to the device at a later stage. It might be possible to implementthe above methodology using filtration principles already existing in adevice, for example due to the presence of ultra violet or near infraredfilters present on lenses or sensors of existing readers. Suchincidental filtering might not have the flexibility of the deliberate,dedicated filters systems described above.

Following on from at least the preceding paragraph, it is worth notingthat in all embodiments, taking a reading through the configurablefilter system is always discussed. It is such a reading, and generalapproach, which allows the benefits of the invention to be realised, ofcourse. It is therefore clear that even a single reading, at a singlegiven configuration, is still inventive for the reasons alreadydiscussed at length above, because the filter system is configurable(even if not always used at different configurations) to facilitate anincrease in a richness or depth of a map, and/or configurable to takeadvantage of a previously obtained map. Also, this is consistent with asingle reading at a single configuration being used to compare with(e.g. authenticate via) a map that might well have been built onmultiple readings at multiple locations. That is, it is the configurablefilter system that is key, even if readings are not undertaken atdifferent configurations in all examples. Whilst multiple readings maybe used to establish a rich or deep map, these can clearly (as above) beundertaken with single readings, undertaken at single, differentconfigurations. So, a system and method for undertaking such a singlereading at a single configuration, facilitates this. Such use of aconfigurable filter system has not been contemplated previously.

The security element described herein does not necessarily need to beshown, marked or advertised as such. The element could be discretelylocated on, alongside, on or within an object for which authenticationis required. The element could be applied when the object is made, orretrospectively.

The security element described herein generally functions as anoptically readable physical unclonable function.

Determining of a unique identifier, or other information, mightcomprises defining, obtaining, checking, confirming, or so on, thatunique identifier, or other information.

Although a few preferred embodiments have been shown and described, itwill be appreciated by those skilled in the art that various changes andmodifications might be made without departing from the scope of theinvention, as defined in the appended claims.

Attention is directed to all papers and documents which are filedconcurrently with or previous to this specification in connection withthis application and which are open to public inspection with thisspecification, and the contents of all such papers and documents areincorporated herein by reference.

All of the features disclosed in this specification (including anyaccompanying claims, abstract and drawings), and/or all of the steps ofany method or process so disclosed, may be combined in any combination,except combinations where at least some of such features and/or stepsare mutually exclusive.

Each feature disclosed in this specification (including any accompanyingclaims, abstract and drawings) may be replaced by alternative featuresserving the same, equivalent or similar purpose, unless expressly statedotherwise. Thus, unless expressly stated otherwise, each featuredisclosed is one example only of a generic series of equivalent orsimilar features.

The invention is not restricted to the details of the foregoingembodiment(s). The invention extends to any novel one, or any novelcombination, of the features disclosed in this specification (includingany accompanying claims, abstract and drawings), or to any novel one, orany novel combination, of the steps of any method or process sodisclosed.

The invention claimed is:
 1. A method of determining a unique identifierfor a security element, the method comprising: irradiating the securityelement with electromagnetic radiation from a broadband light source;optically reading radiation from the security element that is emitted inresponse to the electromagnetic radiation from the broadband lightsource via a single configurable optical filter system, wherein areadable optical transmission property of the single configurableoptical filter system varies with respect to one of: an adjustable angleof orientation of the single configurable optical filter system, atemperature of the single configurable optical filter system, or anelectric field across the single configurable optical filter system; thereading of the radiation comprising determining data indicative of anoptical property of the security element at a first configuration of thesingle configurable optical filter system; and the unique identifierbeing determined from a map of a variation in determined data indicativeof an optical property with respect to the configuration of the singleconfigurable optical filter system; wherein the reading is undertakenfor multiple locations across the security element at each configurationof the single configurable optical filter system, such that the mapillustrates variation in determined data indicative of an opticalproperty across the security element with respect to the configurationof the single configurable optical filter system; and wherein thereading for multiple locations across the security element is undertakenin a single reading step, using a reader with a two-dimensional sensor.2. The method of claim 1, wherein the data indicative of an opticalproperty of the security element comprises one or more of: an actualoptical property; and/or an electromagnetic emission spectrum of atleast a part of the security element; and/or a peak, trough, or point ofinflection in an electromagnetic emission spectrum of at least a part ofthe security element; and/or a physical location in relation to thesecurity element of an actual optical property; and/or a physicallocation of a peak, trough, or point of inflection in an electromagneticemission spectrum of the security element in relation to the securityelement.
 3. The method of claim 1, wherein the security elementcomprises one or more continuous or discrete components exhibitingquantum mechanical confinement, each component being capable of emittingelectromagnetic radiation linked to that quantum mechanical confinement,wherein the confinement of the one or more continuous or discretecomponents confines in one or more of 3D, 2D, or 1D, or 0D, and whereinin a first configuration: radiation from a first continuous or discretecomponent is optically readable while radiation from a second continuousor discrete component is not optically readable; and in a secondconfiguration: radiation from the first continuous or discrete componentis not optically readable while radiation from the second continuous ordiscrete component is optically readable.
 4. The method of claim 1,wherein one or both of the security element and/or single configurableoptical filter system comprises, or is associated with, a designatedfeature, for use in determining an angle of orientation of the readerwith respect to the security element and/or optical filter, wherein thedesignated feature optionally comprises an alignment marker or adiffraction grating.
 5. The method of claim 1, wherein the singleoptical filter system comprises one or more of a band pass filter, anedge filter, a notch filter or a tuneable Bragg grating in a fibre,and/or wherein the optical transmission property is a centraltransmission wavelength or transmission band.
 6. The method of claim 1,wherein the reader is a handheld mobile device, or a wearable mobiledevice, and wherein the broadband light source is contained in thehandheld mobile device or the wearable mobile device.
 7. The method ofclaim 1, wherein the map, or a unique signature derived from the map, isstored in a secure location, for use in authentication of the securityelement on a subsequent reading of that security element.
 8. The methodof claim 1, further comprising, after determining the unique identifierfor the security element: additional optically reading of radiation fromthe security element in response to additional irradiation of thesecurity element with electromagnetic radiation from the broadband lightsource, to yield additional determined data indicative of the opticalproperty; comparing the additional determined data indicative of theoptical property with the unique identifier; and authenticating thesecurity element, based on the comparing.
 9. The method of claim 8,wherein the reader is further arranged to compare the additionaldetermined data indicative of the optical property with the uniqueidentifier to authenticate the security element.
 10. The method of claim1, wherein the reading further comprises determining data indicative ofthe optical property of the security element at a second, different,configuration of the filter system.
 11. The method of claim 1, whereinthe single configurable optical filter system varies solely with respectto the temperature of the single configurable optical filter system, andwherein the first configuration includes a first temperature of thesingle configurable optical filter system.
 12. The method of claim 1,wherein the single configurable optical filter system varies solely withrespect to the electric field across the single configurable opticalfilter system, and wherein the first configuration includes a firstelectric field across the single configurable optical filter system. 13.The method of claim 1, wherein the readable optical transmissionproperty includes one of a wavelength or a polarisation.
 14. The methodof claim 1, wherein the broadband light source comprises a flash lightsource.
 15. A system for determining a unique identifier for a securityelement, the system comprising: a single configurable optical filtersystem, an optical transmission property of the single filter opticalsystem varying with respect to one of: an adjustable angle oforientation of the single configurable optical filter system, atemperature of the single configurable optical filter system, or anelectric field across the single configurable optical filter system; anoptical reader, for optically reading radiation from the securityelement via the single configurable optical filter system in response toirradiation of the security element with electromagnetic radiation froma broadband light source; the reading comprising determining dataindicative of an optical property of the security element at a firstconfiguration of the single configurable filter system; and the uniqueidentifier being determined from a map of a variation in determined dataindicative of an optical property with respect to the configuration ofthe single configurable filter system; wherein the reader is arranged toundertake readings for multiple locations across the security element atthe or each configuration of the single configurable filter system, suchthat the map illustrates the variation in determined data indicative ofan optical property across the security element with respect to theconfiguration of the single configurable filter system; and wherein thereader comprises a two-dimensional sensor for reading multiple locationsacross the security element in a single reading step.
 16. The system ofclaim 15, wherein the single configurable optical filter system variessolely with respect to the temperature of the single configurableoptical filter system, and wherein the first configuration includes afirst temperature of the single configurable optical filter system. 17.The system of claim 15, wherein the broadband light source comprises aflash light source.
 18. A security element for authentication of anarticle, wherein the security element comprises: a first part, having amaterial which emits electromagnetic radiation in response toirradiation with electromagnetic radiation from a broadband lightsource; a second part, comprising a configurable optical filter systemfor detecting the electromagnetic radiation emitted from the material inthe first part, a readable optical transmission property of the filtersystem varying with respect to one of: an adjustable angle oforientation of the single configurable optical filter system, atemperature of the single configurable optical filter system, or anelectric field across the single configurable optical filter system, theelectromagnetic radiation of the first part being within a detectablerange of the configurable optical filter system of the second part. 19.The security element of claim 18, wherein the single configurableoptical filter system varies solely with respect to the adjustable angleof orientation of the single configurable optical filter system.
 20. Thesecurity element of claim 18, wherein the single configurable opticalfilter system varies solely with respect to the electric field acrossthe single configurable optical filter system.
 21. The security elementof claim 18, wherein the broadband light source comprises a flash lightsource.